netwire | 35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a | Triage

Sharing

General

Target

35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a
Size

276KB
Sample

220626-3hvv6sgfh5
MD5

144a8163a39cc6ab324ab6ae6e009333
SHA1

0088c324a6a0b9f5c57fb354689eb1bce3ae82b7
SHA256

35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a
SHA512

5aed9ed6d79fd1184684cf9224b699a0e8072e2ce15ec4608e1cf3065d41314a0e7d53a057aec9d1881bcaa5998578960500d9f3063b52196b8992fb6441675f

Score

10^/10

netwire botnet rat stealer

Malware Config

Extracted

Family

netwire

C2

extensions14718.sytes.net:3324

extensions14718sec.sytes.net:3324

Attributes

activex_autorun
false
copy_executable
false
delete_original
false
host_id
HostId-%Rand%
keylogger_dir
C:\Users\Admin\AppData\Roaming\Logs\
lock_executable
false
mutex
AJTAsMDe
offline_keylogger
true
password
Password
registry_autorun
false
use_mutex
true

Targets

- Target
  
  35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a
- Size
  
  276KB
- MD5
  
  144a8163a39cc6ab324ab6ae6e009333
- SHA1
  
  0088c324a6a0b9f5c57fb354689eb1bce3ae82b7
- SHA256
  
  35a54493377d07e5e4d74a1d047d246437d2a6554ac2dd16d0b7e27b02370a8a
- SHA512
  
  5aed9ed6d79fd1184684cf9224b699a0e8072e2ce15ec4608e1cf3065d41314a0e7d53a057aec9d1881bcaa5998578960500d9f3063b52196b8992fb6441675f
Score

10^/10

netwire botnet rat stealer
- NetWire RAT payload
  rat
- Netwire
  Netwire is a RAT with main functionalities focused password stealing and keylogging, but also includes remote control capabilities as well.
  botnet stealer netwire
- Executes dropped EXE
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

netwirebotnetratstealer

behavioral2